In this guest commentary, Rob Scoffin, chairman and CEO, and Iain Ronayne, head of IT at Cresset, discuss strategies for assuring and future-proofing data security for safe and efficient drug discovery.
In this digital age, reliance on computational platforms has become commonplace. The pharmaceutical industry is no different, employing computer-based systems to aid with data processing, storage, and collaborative thinking. With this shift and the continuous innovation in technology comes new threats. The pharmaceutical and biotech sectors suffer more breaches than any other industry, with 53% resulting from malicious activity. Many of these cyberattacks are ransomware, where files remain encrypted and unusable until a ransom is paid and a decryption key is provided. For example, in 2018, Merck suffered significantly when targeted by a ransomware attack, to the tune of approximately $915 million, disrupting global operations and supply chains that took around six months to restore.
The data collected throughout the drug discovery process is sensitive and valuable. The protection of the intellectual property (IP) protection contained in the data is key, be that through secrecy or patent protection. In both cases, having robust controls in place to ensure all data is secure and safeguarded is essential.
To protect against potential cyberattacks, organizations must implement an effective strategy that allows for proactive detection and rapid response. Continuous monitoring and innovative security systems are critical to secure data, educate users, and mitigate risks, ensuring the IT infrastructure remains protected and effective.
Enhancing drug discovery with computational resources
Recent industry breakthroughs have been driven by advances in cloud computing and computer-aided drug design (CADD), which have transformed how drug discovery projects are conducted. With cloud platforms, data is seamlessly integrated, shared, and analyzed by internal and external partners. This ease of data access and sharing has elevated collaboration, with real-time access and insight provided throughout drug discovery. More than 83% of pharmaceutical companies already use cloud technology. Integrated with CADD software, these systems can provide critical insights into the best next steps.
Despite drug discovery not being held to the same level of regulatory oversight as processes further down the drug development pipeline, decision-makers can still be risk averse, which can significantly hinder progress. If organizations opt for a cautious approach when adopting new technologies, they risk falling behind, with technological advances providing the opportunity to enhance and streamline workflows, aid collaborative efforts, and foster innovative thinking. To overcome this aversion, having a robust and comprehensive cybersecurity strategy is key.
Mitigating risk with an effective cybersecurity strategy
Cloud-based platforms often have inbuilt security features and measures, which differ depending on the system used. Investing in cloud systems with robust IT infrastructure and building in additional protection ensures that data hosted on a cloud platform has the best possible defense, providing connectivity with security in mind. In addition, technology is constantly evolving, requiring continuous re-evaluation and updates of current systems to ensure that the most robust data security systems are in place.
As the user is often the weakest link in the chain, it is also essential to have comprehensive and effective security training in place for all personnel. This provides awareness and equips them with the necessary information so that individuals know what to look out for. This vigilance means potential threats are detected and reported quickly and efficiently, which can be instrumental in stopping cyberattacks from occurring. With this proactivity, systems are protected and risks mitigated.
In addition, when hosting information on collaborative platforms such as cloud-based systems, strategies including utilizing a zero-trust model can be used. By defaulting to not trusting any users on a network and only granting approved access as required, individuals can only access what they need, preventing the likelihood of unauthorized access to sensitive information.
Building a secure partnership
Outsourcing critical services to a contract research organization (CRO) forms an essential part of drug discovery, providing businesses with expert input to drive projects forward and streamline the process to market and patients. Nevertheless, when forging these collaborative partnerships, security should be a key consideration. A security-focused audit or questionnaire, which covers subjects such as cloud systems, data encryption, user authorization, and network security, can quickly establish the level of risk when working with an external partner. With this proactive approach, CROs that do not meet the required security level can be swiftly removed from consideration.
Companies with accredited compliance, such as an ISO certification, can be prioritized. Providing a level of baseline assurance, accreditation acts as proof that a business takes cybersecurity seriously and has an established information security management system (ISMS) in place. However, caution should still be taken to comprehensively check a company’s security practices before establishing a partnership.
Staying ahead of the game
With new technologies come new threats, and as the drug discovery sector continues to evolve with advancing technologies, companies will need to be more proactive in their approach to cybersecurity. Extensive research into the security levels of cloud platforms and CROs forms the basis of data security. Building on this further, additional security measures and extensive training programs, provide an extra layer of assurance. Constant testing and re-evaluation of these methods will remain key, as the industry continues to advance in implementing newer systems and technologies, assuring security while advancing drug discovery.
Rob Scoffin and Iain Ronayne are the CEO and Head of IT of Cresset, respectively. Email: [email protected] and [email protected].
